In this whitepaper, get a detailed look at dangerous robot networks or “botnets,” such as Sobig, StormWorm and MayDay. Understand how their creators are constantly evolving these threats to prevent detection by traditional forms of security. Finally, learn how the MessageLabs solution provides unique protection against botnets.
WHITEPAPER
The Botnet Threat: Targeting Your Business
By Anoirel Issa, Malware Research Analyst
The Business of Botnets Affected companies see valuable corporate bandwidth taken up and networks operating less ef? ciently. They also ? nd themselves Robot armies. Zombie legions. Slave hordes programmed to inadvertently taking part in spamming and illegal activities that follow the orders of malevolent masters concealed, out of reach, af? ict internet users worldwide. Infected machines may even fall hundreds or thousands of miles away. It may sound like the plot prey to associated threats which lead to leakage of con? dential, from a clichéd sci-? or horror movie. But it actually describes a business-critical data and the blunting of competitive edge.key feature of the messaging and web threat landscape that has established itself center-stage over the last ? ve years. And it's a This MessageLabs whitepaper looks at how the botnet threat threat that now has businesses ? rmly in its sights. has evolved and the serious danger it now poses to business. But it also shows how the threat can be thwarted, instantly and A 'botnet' - short for 'robot network' - is a group of internet cost-effectively. The information is based on MessageLabs computers, often scattered over a wide geographical area, set hands-on experience of providing proven messaging and web up to forward spam or malware to other computers. Crucially, the security management services for 18,000 clients worldwide, with owners of the botnet computers have absolutely no idea that their over 2.5 billion attempted SMTP connections processed every machines have been compromised in this way. day on their behalf.Computers are generally 'recruited' to botnets when their owners innocently click on an email attachment containing a virus, or on an infected weblink. Although nothing might appear to happen, In the Beginninga malware program surreptitiously downloads itself to the hard Around the start of 2003, an ingenious new intruder appeared drive. This enables the botnet controller or 'herder' - probably a on the messaging security radar. The ? rst large-scale mass-member of an international criminal gang - to take control of the emailing virus, Sobig lurked in attachments accompanying computer at times of their choosing. unsolicited emails and would secretly install itself on computers of unwary victims who tried to open the attachment. In this way, The gang then enjoys the luxury of different money-making their machines were hooked into the world's ? rst major botnet options. They might harness the botnet themselves or rent it out and condemned to regular hijackings by the botnet's herder. And to other 'bad guys' to launch massive spam runs, for example. where Sobig was the pioneer, many similar threats (e.g. Fizzer In blissful ignorance, the owners of the infected machines and MyDoom) followed.never realize what's happening. They're never aware that the occasional ? ickering of a hard-drive light is a tell-tale sign that Soon, botnets were sucking in thousands, then hundreds of their machines are responding to a remote master's bidding. thousands of computers. Increases in botnet activity were also closely linked to broadband rollout. More home computers To date, home computers have accounted for a vast majority connected to the internet round the clock meant greater of botnet computers. The bad guys understood that home PCs availability to do the bad guys' dirty work.were less likely than business-based machines to have effective security measures in place. But traditional patterns are shifting. It was not just the botnets' scalability but also their sophistication Advancements in sophistication - illustrated by the recent that seemed to increase exponentially. Each new 'improved' StormWorm phenomenon - mean botnet gangs can now more version of Sobig, for instance, posed a more serious threat than easily breach corporate defenses and compromise business- the last. The ? nal version, Sobig.F, could even mass-mail spam based computers too. simultaneously, not sequentially as before - with many of these emails designed to further propagate the virus. By summer 2004, global spam levels had exploded, unsolicited emails accounted for 90% of email traf? c and no fewer than 10% of emails
WHITEPAPER: The Botnet Threat: Targeting Your BusinessThe botnet intercepted by MessageLabs contained a botnet- But the hyper... [download for more]
